Posted Wednesday August 28, 2019
According to a Bloomberg Business story, a cyber-criminal can crack a six-character password that has all lowercase letters in just 10 minutes. Is your GP practice equipped to fight off cyber threats, or could bad habits sabotage your information security?
Using simple passwords is one of many common work habits that can result in a data breach risk for you and your practice. Today, workplace security tips underline the importance of changing bad habits.
In a recent report by Ponemon and Experian, Managing Insider Risk through Training & Culture, 66% of professionals said their employees are the weakest link in their organisations' security efforts. Here are 10 everyday bad work habits that increase the risk of a data breach – and ideas for ways to change them.
1. Using easy-to-guess passwords. According to the 2017 Verizon Data Breach Investigations Report (DBIR), 80% of hacking-related breaches used stolen passwords and/or weak or guessable passwords. The best passwords should be at least 9 characters and contain a combination of numbers, symbols and upper and lower case letters.
2. Forgetting print-outs at the printer. Whether you print a document but wait until later to pick it up or forget materials in the printer tray, confidential information is being exposed.
3. Leaving work out on your desk for tomorrow. This habit provides an opportunity for visual hacking and physical theft. Every practice should enforce a Clean Desk Policy with desks cleared and confidential data locked away at the end of every day.
4. Opening email attachments from someone you don’t know. The DBIR found that about 1 in 14 users are tricked by phishing emails, and 25% of them go on to be duped again. Learn how to spot phishing emails, and to resist clicking on questionable links or attachments.
5. Throwing out old mobile devices. Even if you delete confidential data, information thieves can recover it from hard drives using special software. Partner with a recognised document destruction provider for secure hard drive destruction.
6. Downloading unapproved apps. Many employees download apps for personal use onto their work devices. But many apps do not have proper security. Consult with the IT department first, or download to personal devices only.
7. Delaying patches and updates. Security patches and updates protect computers from current known threats. Don't put it off - patch right away. Find out more about computer vulnerabilities by taking a look at FPM’s Guide to Being Prepared for Cyber Attacks.
8. Not backing up files. Anyone targeted by a ransomware attack may lose their important files. Back up files regularly, and store data in a safe place.
9. Using public Wi-Fi to access confidential data. In a Harris Interactive survey, 31% of employees admitted to connecting to their company’s network from unsecured free or public Wi-Fi. But ‘public’ means you are more vulnerable to an attack. Don’t do it.
10. Throwing paper documents into the recycling bin. Fraudsters inside an organisation and bin raiders may steal this information. A document destruction company provides a secure destruction process including locked consoles. A Shred-it All Policy helps ensure that all documents are destroyed when no longer needed.
Shred-it is the UK’s leading information security company. Click here to learn more about the services they provide, including document shredding and hard drive destruction to safely dispose of unwanted or outdated confidential waste.